Point-of-Sale Systems under Attack

Most of us were stunned to hear about the economically devastating malware attacks on several U.S. retail chains this past December. More than 70 million customers are potentially impacted by the breach at Target stores alone. But what’s most surprising is how easy it was for cybercriminals to use off-the-shelf malware to exploit point-of-sale (POS) system vulnerabilities.

POS Malware Is Not New

Besides addressing common security threats, retailers must also battle a cybercrime ecosystem that is primarily focused on POS systems. Over the last few years, we’ve seen a notable increase in the number of POS malware families, including POSCardStealer, Dexter, Alina, vSkimmer, and ProjectHook, many of which can be purchased online. The cybercrime industry and its role in POS attacks are detailed in the recent McAfee Labs Threats Report: Fourth Quarter 2013.

More Details on the Target Breach

In cooperation with various agencies, McAfee Labs learned that BlackPOS malware was used to steal customer data handled by Target POS systems. BlackPOS is sold as an off-the-shelf malware kit that can be modified and redistributed with little programming skill or understanding of how the malware works, and its source code has been leaked several times.

The attackers customized BlackPOS for the Target environment: the malware's supporting scripts hardcoded environment-specific details such as Active Directory domain names, user accounts, and the IP addresses of Server Message Block (SMB) shares. Those scripts were stored in plain text, and the harvested data left the network unencrypted over FTP. Both choices made the operation easier to investigate after the fact, and both left the exfiltration visible to any network monitoring that watched for clear-text FTP or for POS terminals writing to unexpected SMB servers.
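The two channels described above, a staging SMB share inside the network and clear-text FTP out of it, are the kind of traffic a retailer's own flow logs can flag. The script below is an added example, not code from the original post or from McAfee; the POS subnet, the approved SMB servers, the external addresses and the flow records are all constructed. It raises an alert when a POS terminal writes to an SMB server outside an allowlist, when any host opens clear-text FTP to an external address, and escalates to CRITICAL when a host that previously received POS data over SMB is the one pushing data out by FTP.

```python
"""Added example (not from the original McAfee post): flag clear-text FTP and
unexpected SMB traffic leaving a POS segment, the two channels the post says
BlackPOS used at Target. Subnets, host addresses and flow records are constructed."""
import ipaddress

# Assumptions (constructed): POS terminals live in 10.50.0.0/16, everything
# internal is inside 10.0.0.0/8, and POS terminals may only talk SMB to the
# two file servers listed. Adjust these to the real environment.
POS_SUBNET = ipaddress.ip_network("10.50.0.0/16")
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_SMB_SERVERS = {"10.10.1.20", "10.10.1.21"}
FTP_PORTS = {20, 21}
SMB_PORTS = {139, 445}

# Constructed flow records: timestamp src sport dst dport bytes
# 203.0.113.x is a documentation range standing in for an attacker-controlled host.
SAMPLE_FLOWS = """\
2013-12-02T03:14:07 10.50.12.31 49213 10.10.1.20 445 18213
2013-12-02T03:14:09 10.50.12.31 49214 10.10.7.9 445 1210455
2013-12-02T03:20:11 10.50.12.44 49301 10.10.1.21 445 22019
2013-12-02T03:31:55 10.10.7.9 50100 203.0.113.77 21 3188201
2013-12-02T03:32:01 10.50.3.7 49999 203.0.113.5 21 402
2013-12-02T03:40:00 10.50.3.7 50001 10.10.1.20 443 8891
"""


def parse_flow(line):
    """Split one whitespace-separated flow record into a dict."""
    ts, src, sport, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "bytes": int(nbytes)}


def is_pos_host(ip):
    return ipaddress.ip_address(ip) in POS_SUBNET


def is_internal(ip):
    # Explicit list rather than ip_address(...).is_private: Python treats the
    # 203.0.113.0/24 documentation range as private, which would hide the test data.
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze(log_text):
    """Return a list of (severity, message) alerts for the given flow log text."""
    staging_hosts = set()  # internal hosts that received unapproved SMB writes from POS terminals
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        src_pos = is_pos_host(f["src"])

        # POS terminal writing to an SMB server that is not on the allowlist:
        # the pattern of a staging share collecting scraped data.
        if src_pos and f["dport"] in SMB_PORTS and f["dst"] not in APPROVED_SMB_SERVERS:
            staging_hosts.add(f["dst"])
            alerts.append(("HIGH", f"POS host {f['src']} wrote {f['bytes']} B "
                                   f"to unapproved SMB server {f['dst']}"))

        # Clear-text FTP to an external address. Severity depends on who is sending:
        # a host that just collected POS data over SMB, a POS terminal, or anything else.
        if f["dport"] in FTP_PORTS and not is_internal(f["dst"]):
            if f["src"] in staging_hosts:
                sev = "CRITICAL"
            elif src_pos:
                sev = "HIGH"
            else:
                sev = "MEDIUM"
            alerts.append((sev, f"clear-text FTP {f['src']} -> {f['dst']} ({f['bytes']} B)"))
    return alerts


if __name__ == "__main__":
    for severity, message in analyze(SAMPLE_FLOWS):
        print(f"{severity}: {message}")
```

Run against the constructed log, it reports the POS write to 10.10.7.9, escalates the later FTP session from 10.10.7.9 to CRITICAL because that host was just used as a staging share, and flags the direct FTP attempt from a terminal; the approved SMB writes and the HTTPS connection produce nothing. Real deployments would feed it NetFlow or firewall exports and tune the allowlists, but the logic is deliberately simple: POS terminals have no legitimate reason to speak FTP to the Internet or SMB to arbitrary servers.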

Evasion Techniques

Cybercriminals are constantly on the move, looking for ways to evade popular antimalware products and controls. Every day, McAfee discovers new cryptors, packers, and other obfuscation methods used to avoid detection. Some attackers even buy access to online scanning services that check whether the Trojans they have built will slip past their targets' defenses and popular security products before the malware is ever deployed.
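Packers and cryptors hide a sample's real code behind a compressed or encrypted blob, which defeats signature matching but leaves a statistical fingerprint: compressed or encrypted data has far higher byte entropy than ordinary code, strings or scripts. The check below is an added example, not code from the original post or from McAfee; the threshold, chunk size and both sample buffers are constructed and are assumptions, not measured values from any real malware. It computes Shannon entropy per chunk and calls a buffer "probably packed" when most chunks are near the 8-bit maximum, which is how many triage tools produce their first hint that a file deserves unpacking or sandboxing.

```python
"""Added example (not from the original post): a Shannon-entropy heuristic for
spotting packed or encrypted payloads, a cheap first check against the cryptors
and packers the post mentions. Thresholds and sample buffers are constructed."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data):
    """Bits per byte, from 0.0 (one repeated value) to 8.0 (uniform over all 256 values)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data, chunk=1024):
    """Entropy of each fixed-size window, so a small packed region inside a
    mostly plain file is not averaged away."""
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def looks_packed(data, threshold=7.0, min_fraction=0.5, chunk=1024):
    """Assumed heuristic: report True when at least min_fraction of the chunks
    exceed threshold bits/byte. Plain text and scripts sit around 4-5 bits/byte,
    native code around 6, while compressed or encrypted data approaches 8."""
    ents = chunk_entropies(data, chunk)
    if not ents:
        return False
    hot = sum(1 for e in ents if e >= threshold)
    return hot / len(ents) >= min_fraction


def pseudo_random_bytes(n, seed=b"constructed example"):
    """Deterministic high-entropy filler standing in for an encrypted payload
    (a SHA-256 chain, so the example runs the same way every time)."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed samples. The plain one imitates the kind of clear-text helper
# script the post describes (placeholder host, share and account names only).
PLAIN_SAMPLE = (b"net use \\\\10.10.7.9\\share /user:DOMAIN\\svc_account password\r\n"
                b"copy C:\\Windows\\Temp\\dump.txt \\\\10.10.7.9\\share\\\r\n") * 50
PACKED_SAMPLE = pseudo_random_bytes(8192)


def classify(data):
    """Return a short verdict with the min/max chunk entropy for a report."""
    ents = chunk_entropies(data)
    verdict = "probably packed/encrypted" if looks_packed(data) else "plain"
    return f"{verdict} (chunk entropy {min(ents):.2f}-{max(ents):.2f} bits/byte)"


if __name__ == "__main__":
    print("script :", classify(PLAIN_SAMPLE))
    print("payload:", classify(PACKED_SAMPLE))
```

High entropy is a hint, not proof: legitimately compressed resources, certificates and media all score near 8 bits/byte, so this belongs at the start of a triage pipeline, feeding a sandbox or manual unpacking, rather than as a blocking control on its own.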

Security by Design – Call to Action for OEMs

The security landscape for retailers is extremely challenging, especially for those with a large assortment of retail devices. The best defense against data-stealing malware is comprehensive threat protection, which is essentially an end-to-end security approach that allows the network to identify advanced malware and suspicious traffic. As such, it’s critically important that OEMs offer secure retail devices to help the retail industry better fend off the cybercrime community.

OEMs are in the best position to understand how to protect the devices they’ve designed and consequently, should ensure the devices they ship are fully protected on day one.